U.S. law enforcement is trying to seize control of a network of hundreds of thousands of wireless routers and other devices infected by malicious software and under the control of a Russian hacking group that typically targets government, military and security organizations. In a statement issued late Wednesday, the Justice Department said the FBI had received a court order to seize a domain at the core of the massive botnet, which would allow the government to protect victims by redirecting the malware to an FBI-controlled server. The DOJ attributed the hacking campaign to the group known as Sofacy, also known as Fancy Bear. While the statement did not explicitly name Russia, Fancy Bear is the Russian military-linked group that breached the Democratic National Committee in the presidential election.
“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” said Assistant Attorney General for National Security John C. Demers.
And FBI Special Agent in Charge Bob Johnson said: “These hackers are exploiting vulnerabilities and putting every American’s privacy and network security at risk.” Johnson encouraged people and businesses to update their network equipment and change their passwords — though he cautioned “there is still much to be learned about how this particular threat initially compromises infected routers and other devices.”
The announcement of law enforcement’s salvo came just hours after cybersecurity researchers from Cisco’s intelligence unit Talos warned that sophisticated hackers had infected at least 500,000 devices in at least 54 countries with the malware dubbed “VPNFilter.”